Date: 2021-11-30

These apps hid a dangerous banking Trojan that has infected thousands of users, including many from Spain, and worst of all, they were available on the Google Play store.

Although Google has improved its application store with the ability to detect malicious applications before they are even listed, on several occasions fraudulent apps still slip through.

This has just happened again with apps that were downloaded up to 300,000 times before their true purpose was discovered, Ars Technica reports.

These applications hid banking Trojans capable of sending user passwords and even two-factor authentication codes to external servers. Most worryingly, they also logged keystrokes and even took screenshots.

There are dozens of applications carrying this Trojan, most posing as gym workout apps, QR scanners, PDF scanners and cryptocurrency wallets. They belong to up to four families of Android malware that have been distributed over the last four months in many countries, including Spain.

Researchers from the mobile security company ThreatFabric explain this in a statement, pointing out that these Trojan campaigns were carried out intelligently.

At first, these applications shipped a benign version for a long time, so that users would install them and leave good ratings in the store.

But once the cybercriminals saw that the applications had reached a large number of installs, they began to show pop-up windows prompting users to update to new fraudulent versions in order to, for example, receive many more extra features.

In this way, the cybercriminals first secured users’ trust by offering an application that did what it was supposed to do, but which over time began to infect devices through external updates.

The researchers also explain that not everyone received the banking Trojan, but that different malware campaigns were launched and, depending on the location of the device, the Trojan was activated or not.

“This incredible attention devoted to avoiding unwanted attention makes automated malware detection less reliable,” the ThreatFabric publication explains.

The malware family responsible for the highest number of infections is known as Anatsa. It is a very advanced Android banking Trojan that includes a variety of capabilities, including remote access and an automatic transfer system. The three other malware families found by the researchers are Alien, Hydra, and Ermac.

In total the researchers found 12 Android apps that participated in this scam with the corresponding Trojan, and are the following:

If you recognize any of these applications, you should not only delete it from your device, but also change the passwords for each of your services, especially for banking apps.